Saturday, January 05, 2013

So you’re concerned about your online
privacy and are willing to pay for a service that purports to offer
privacy and anonymity. Maybe you’re feeling pretty smart because
you found a service that says it maintains
no logs and no
subscriber list. And even better, you think, it offers a
lifetime
offer.

Sounds good? Well, wait…

As a long-time Cotse.net subscriber and
fan, I was surprised to see the following recent notice on their
login page:

We’d like to
call Ultimate-Anonymity.com/Ultimate-Privacy.net on the carpet for
paying us for one single user account then selling all of their own
users subscriptions as well as lifetime access to that account under
the guise of it being their service. Not only is that a violation of
our policies, but we think that behavior is quite unethical.

For my Ethical Hackers... I think we
need someone to do some legal research along these lines, here in the
US... (Interesting comments)

"The Dutch government's cyber
security center has published
guidelines (in Dutch) that it hopes will
encourage
ethical hackers to disclose
security vulnerabilities in a responsible way. The person
who discovers the vulnerability should report it directly and as soon
as possible to the owner of the system in a confidential manner, so
the leak cannot be abused by others. Furthermore, the ethical hacker
will not use social engineering techniques, nor install a backdoor or
copy, modify or delete data from the system, the NCSC specified.
Alternatively a hacker could make a directory listing in the system,
the guidelines said. Hackers should also refrain from altering the
system and not repeatedly access the system. Using brute-force
techniques to access a system is also discouraged, the NCSC said.
The ethical hacker further has to agree that vulnerabilities will
only be disclosed after they are fixed and only with consent of the
involved organization. The parties can also decide to inform the
broader IT community if the vulnerability is new or it is suspected
that more systems have the same vulnerability, the NCSC said."

"Whether you agree with his
rationale for doing so or not, Adrian Lamo has come
forward to discuss his reasoning for exposing Bradley
Manning. Manning, now in federal custody, leaked thousands of
U.S. intelligence files and documents. Lamo's side of the story
shows that he was concerned for Manning's mental health and
stability, and for the lives Manning was risking by releasing
classified material — Afghan informants, for instance. Either way,
this goes to show that if you're going to
release stolen/hacked documents, it's best you do it anonymously and
don't brag about it."

Here’s my favorite Big Idea of the
year so far, via John
Robb, who’s always worth your
attention: The Dronenet, a “short distance drone delivery
service built on an open protocol.”

He fleshes it out in a series of posts,
but basically, it would be a network of drones that would carry
things the same way the Internet carries data: in packets, over a
series of multiple hops, routing on the fly.

… What’s more, it would dovetail
awfully nicely with the 3D-printing revolution: I’ve argued before
that almost
nobody needs their own 3D printer, but the Dronenet could
ultimately provide not just same-day but often same-hour
delivery of newly printed items.

Facebook clearly can't please all of
the people all of the time. Can they please all of the people some
of the time?

A German state
data protection agency has threatened Facebook’s billionaire
founder and chief executive Mark Zuckerberg with a €20,000
(£16,000) fine if Facebook does not allow Germans to have anonymous
accounts on the social network.

In letters to
Zuckerberg in California, and also to Dublin-based Facebook Ireland
Ltd, the data protection commissioner for the northern German state
of Schleswig-Holstein, Thilo Weichert, said the current rules
violated German law by requiring users to provide their identities.
“It is unacceptable that a US portal like Facebook violates German
data protection law, unopposed and with no prospect of an end,”
said Weichert.

Okay, so what happens if, say, Zuck
says, “No problem. I’ll pay the fine.” Then what could the
data protection commissioner do? Even if Facebook was fined on a
daily basis, if they said, “No problem, we’ll pay the fine.”
Then what? [Then we have invented Internet Taxation
Bob]

… I was surprised to see how few
commentators have raised the point that there can’t
be a search “market” when no one pays for that service.
And that the users of web search are, in fact, the product that
Google sells to the consumers of the market it does monopolize —
online advertising. Or the fact that by using its advertising
revenues to provide services to users for free or greatly discounted
it can collapse those markets and own them as well.

For over a year and a half, many
experts who follow the internet economy have wisely pointed out that
the real consumers in the online search business are advertisers, not
the users who interact with the search engine. One of the most
profound “aha” moments for me came when I read Nathan Newman’s
article “You’re
Not Google’s Customer — You’re the Product: Antitrust in a Web
2.0 World” back in March 2011. He correctly argued that web
browser users who interact with Google search are in fact the product
that gets sold to the real customer — the online advertiser.

“We don't need no stinking
cellphone!” What we do need is a device that connects us to the
Internet.

"Facebook has chosen Canadian
users to be guinea pigs for a new
mobile feature to make free phone calls. Facebook's new
Messenger app for Apple mobile devices enables voice-over-Internet
protocol phone calls, which use data instead of eating into the
minutes in a mobile plan."

… Public speaking and presentations
is an art though – have you ever sat through a horrendous
talk? I know I have and I slightly “ranted” about them in
another MakeUseOf article (which I will be referring to occasionally
throughout this piece), Avoid
Murder By PowerPoint: How To Make Your Presentations Compelling And
Memorable. So what makes the perfect presentation?
Well, there isn’t just one thing that you must do, but a
collaboration of things.

There’s a whole host of educational
videos out there. From Sal Khan’s famous set of instructional video
lessons to the one-off videos by individuals … there’s a lot to
sort through. So where do you start? If you’re like me, you go
straight over to the king of all video sites, YouTube. They have a
dedicated education section (YouTube
EDU) where they have a curated list of resources.

… Explania
describes itself as a place to watch “hundreds of animated
explanations, interactive tutorials and instructional videos, and
feel free to embed them on your own web pages.” It is free to
watch and embed the videos, so if you find one useful, you can easily
share it with your classes or even on a class website. Many
of the videos are technology how-tos, which may not be
useful for your class, but can help you teach your mom to use
Twitter,
for example.

… California
Assemblyman Dan Logue has proposed
legislation to create a pilot program that would investigate ways
for the state to offer a college degree that costs no more than
$10,000. (There are similar efforts in Florida and Texas.) It’s
not clear if Logue’s bill will move forward.

… According to research
from the University of Michigan’s Marc Perry, the price of
college textbooks has increased 812% since 1978 —
something that makes the housing bubble “seem rather
inconsequential.”

… A preview of the 2013
Horizon Report for Higher Education is now available online.
On the near horizon of ed-tech adoption: the flipped classroom,
MOOCs, mobile apps, and tablet computing. The report’s official
release will come in February.

Do you want to save money or find a
job? Yahoo
Pipes helps with both by grabbing the data you want, like job
openings, and feeding it to you immediately. On top of that, it’s
remarkably easy to set up and use.

The Pipes technology represents the
web’s greatest secret – a ridiculously powerful
information-gathering system that, shockingly, very few users have
heard about. Its obscurity partly relates to the complexity in
building a Pipe. Fortunately, using this software
only requires that you access a
database of community-created Pipes. Thousands
of these creations exist within Yahoo’s servers,
allowing users to access subjects as enlightening as science
journals or as mundane as Flickr
photos.

… To get started immediately, take
three simple steps – first, open the pre-built Pipe. Second, input
whatever it is you’re looking for, such as the job title or a
particular product. Third, and optionally, output the stream as an
RSS feed to your favorite feed reader. The first two parts of this
article will walk readers through two potential uses for Pipes –
getting jobs and finding sales. The third part explains how to
integrate a Pipe’s output into an RSS reader.

The Department of
Revenue was more concerned with keeping employees from accessing
news, sports and social media websites on their work computers than
protecting taxpayer data like Social Security numbers, a former
computer security chief at the agency said Thursday.

Tim Smith of Greenville
Online and LaDonna Beeker of WISTV
also cover Scott Shealy’s testimony at a state House of
Representatives hearing on the breach that affected
3.8 million individuals and almost 700,000 businesses.

Shealy testified that the state did not
even look for a replacement for him for months after he resigned in
September 2011, and while he was there, he claims he was unable to
convince his bosses that they needed to pay more attention to
security:

Until the breach,
the agency declined free network monitoring of its
servers, did not encrypt all its sensitive data and did not use
multi-password systems to access the data, all defenses
experts have said could have thwarted the hacker.

...but the government wants to share
everyone's records with every Doc, right?

Medical centers
that elect to keep psychiatric files private and separate from the
rest of a person’s medical record may be doing their patients a
disservice, a Johns Hopkins study concludes.

In a survey of
psychiatry departments at 18 of the top American hospitals as ranked
by U.S. News & World Report’s Best Hospitals in 2007, a Johns
Hopkins team learned that fewer than half of the hospitals had all
inpatient psychiatric records in their electronic medical record
(EMR) systems and that fewer than 25 percent gave non-psychiatrists
full access to those records.

Researchers say,
psychiatric patients were 40 percent less likely to be readmitted to
the hospital within the first month after discharge in institutions
that provided full access to those medical records.

Less than a decade ago, the Pentagon
had about
fifty unmanned combat air vehicles (known as drones or UAV —
unmanned aerial vehicles). It is estimated that they currently have
about
seven thousand of them (and Congress asked for about $5 billion
worth of more drones in 2012).

Google has quietly disabled a feature
that notified users of its search service in China when a keyword had
been censored by the Chinese government’s internet controls,
according to censorship monitoring blog GreatFire.org.
The blog reports that the change was made sometime between December
5 and December 8, 2012, with no official statement from Google to
announce or explain its removal.

As I understand it, this wouldn't rise
to the level of “probable cause” but a tip is a tip – it did
merit a look at the car (not in the garage?) and proceeded from
there?

Police made
an example out of a teenager from Oregon who boasted about
driving drunk on Facebook. “Drivin drunk… classic
but whoever’s vehicle i hit i am sorry,” wrote the clueless 18-year-old. According
to local news channel KGW, two people tipped the officers via
Facebook about the post. After inspecting the
most-likely-profusely-sweating/hungover teen’s car,
the damage on his vehicle matched that of two other
vehicles hit earlier that New Year’s morning.

And, with their powers of
deduction…bam! Handcuffs. The suspect was charged with two counts
of “failing to perform the duties of a driver,” but not drunk
driving, because a Facebook post is apparently not sufficient
evidence of intoxication, according to KGW’s report from Deputy
Chief Brad Johnston.

They really don't want to sell you the
game, but they don't want to call it “leasing” or “renting”
either.

silentbrad writes in with a story about
a Sony patent that would block the playing of second-hand games.

"... the patent application was
filed on 9 December 2012 by Sony Computer Entertainment Japan, and
will work by linking individual game discs to a user's account
without
requiring a network connection meaning any future attempt to use
this disc on another user's console won't work. The
patent explains that games will come with contactless
tags [RFID
or NFC? Bob] that will be read by your console
in much the same way as modern bank cards. When a disc is first
used, the disc ID and player ID will be stored on the tag. Every
time the disc is used in future, the tag will check if the two ID's
match up and, if not, then the disc won't work. The document goes on
to explain that such a device is part of
Sony's ongoing efforts to deter second-hand games sales,
and is a far simpler solution than always-on DRM or passwords. It's
worth noting that Sony has not confirmed the existence of the device,
and the patent doesn't state what machine it will be used in, with
later paragraphs also mentioning accessories and peripherals. ...
There's also the issue of what happens should
your console break and need replacing, or if you have more than one
console. Will the games be linked to your PSN
account, meaning they can still be used, or the console, meaning an
entire new library of titles would need to be purchased?"
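As an added illustration (not code from the article or from Sony's patent) of the tag binding the summary describes, and of the replacement-console question it ends with: the disc and console IDs, the "account" versus "console" binding policies, and all function names are assumptions made here for the simulation.

```python
"""Simulation of the disc-to-owner binding described in the patent summary.

Hypothetical model written for this post; it is not Sony's code and is not
derived from the patent text. All identifiers below are constructed.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class DiscTag:
    """Contactless tag on a game disc. Per the summary, the disc ID and the
    player ID are written to it on first use; no network connection needed."""
    disc_id: str
    bound_player_id: Optional[str] = None  # None until the first use


@dataclass
class Console:
    console_id: str   # hardware identity of this particular console
    psn_account: str  # account signed in on this console (assumed)


def player_id_for(console: Console, bind_to: str) -> str:
    """Pick which identity the tag records: the account or the hardware.

    The summary does not say which one Sony means; both policies are modelled
    so the replacement-console question can be answered for each."""
    if bind_to == "account":
        return console.psn_account
    if bind_to == "console":
        return console.console_id
    raise ValueError(f"unknown binding policy: {bind_to}")


def use_disc(tag: DiscTag, console: Console, bind_to: str) -> bool:
    """First use binds the disc to this player ID; every later use must match.

    Returns True when the disc runs, False when the console refuses it."""
    pid = player_id_for(console, bind_to)
    if tag.bound_player_id is None:
        tag.bound_player_id = pid  # first use: store the pairing on the tag
        return True
    return tag.bound_player_id == pid


def replacement_scenario(bind_to: str) -> dict:
    """Walk through the post's open question for one binding policy:
    original console, the same console again, a replacement console on the
    same account, then a friend's console on a different account."""
    tag = DiscTag("disc-0001")                 # constructed sample disc
    original = Console("HW-AAA", "alice")      # constructed sample consoles
    replacement = Console("HW-BBB", "alice")   # same account, new hardware
    friend = Console("HW-CCC", "bob")
    return {
        "first_use": use_disc(tag, original, bind_to),
        "same_console": use_disc(tag, original, bind_to),
        "replacement_console": use_disc(tag, replacement, bind_to),
        "friends_console": use_disc(tag, friend, bind_to),
    }


if __name__ == "__main__":
    for policy in ("account", "console"):
        print(policy, replacement_scenario(policy))
```

Under account binding the replacement console still runs the disc; under console binding it does not, which is the difference the quoted post is asking about.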

Arthur C. Clarke was right:

When a distinguished but elderly scientist states that something is
possible, he is almost certainly right. When he states that
something is impossible, he is very probably wrong.

The only way of discovering the limits of the possible is to venture
a little way past them into the impossible.

First time accepted submitter mromanuk
writes in with a story about scientists at Ludwig Maximilian
University of Munich who have created an atomic gas that goes below
absolute zero.

"It may
sound less likely than hell freezing over, but physicists have
created an atomic gas with a
sub-absolute-zero temperature for the first time. Their
technique opens the door to generating negative-Kelvin materials and
new quantum devices, and it could even help to solve a cosmological
mystery."

For the toolkit

Thursday, January 3, 2013

Clean Print Helps You Save Ink and Paper

Clean
Print is a free browser add-on for Firefox, Chrome, Internet
Explorer, and Safari (including Safari on the iPad). The purpose of
Clean Print is to help you save ink and paper when printing articles
from the Internet. Clean Print allows you to remove
images and advertisements from pages before printing an article.
Clean Print also gives you the option to increase or
decrease font size before printing an article. Learn more about
Clean Print in the video below.

"Results from the early
application rounds at the nation's best technical colleges indicate
that it will be another excruciatingly difficult year for high school
seniors to get accepted into top-notch undergraduate computer science
and engineering programs. Leading tech colleges reported a sharp
rise in early applications, prompting them to be more selective in
choosing prospective freshmen for the Class of 2017. Many colleges
are reporting lower acceptance rates for their binding early decision
and non-binding early action admissions programs than in previous
years. Here's a roundup
of stats from MIT, Stanford and others."

This year, Oscar voters are getting a
deadline extension, giving members an
extra day to vote on the nominees for this year’s Academy
Awards after technical issues plagued the first attempt by The
Academy of Motion Picture Arts and Sciences to allow online voting.

… In a recent Hollywood
Reporter analysis, many Academy voters complained of issues
with logging in to the voting site — something an Academy
representative attributed to voters “forgetting or misusing
passwords” – difficulty navigating the site once they were logged
in, and even the potential for hackers to infiltrate the website and
influence the vote.

“They should have had more lead time
than, ‘Here you go; this is what we are expecting now,’” one
Academy voter told THR. “We’re talking about many
elderly people who are not that computer literate. They might think
that it’s simple, but the simplest thing isn’t simple to many
people... There will probably be a large percentage of people who
will just say, ‘Screw it’ and not even vote this year.”

Is it better to come right out and
admit, “We have no clue what was on that laptop” or is it better
to say, “The breach was limited to only 200 patients...” “Oh
yeah, these 300 were impacted too...” “And we have discovered a
few hundred more...”

When an electronic device with
unencrypted
patient information was stolen from the unattended
vehicle of an Omnicell employee, the University of Michigan Health System
notified 3,997 of their patients, but
there
were other hospitals that were not named at the time.

Thanks to WVEC,
we now know 56,000 Sentara
Healthcare patients treated between Oct. 18 and Nov. 9 at
seven Sentara hospitals and three outpatient care centers in Hampton
Roads, Virginia were also impacted by the theft. Sentara posted a
notice
on their web site that says, in part:

Omnicell’s
investigation concluded that the device may have contained clinical
and demographic information about Sentara patients, including patient
name, birth date, patient number and medical record number.
Additionally, one or more of the following clinical information may
have been involved:

Patient
medical records were not on the device, [See previous paragraph Bob]
and patient medical information has not been lost. Also, no
financial, bank account information, Social Security number, or
insurance information pertaining to any Sentara patient was on the
device.

And yet another organization — South
Jersey Healthcare — has come forward to say that their
patients were affected by the Omnicell breach
discussed previously on this blog. According to The
Daily Journal, 8,555 of their patients
were affected.

Interestingly, The Daily Journal
describes the device as a laptop. All other coverage has been silent
as to the type of electronic device. I wonder if that’s an
assumption on their part or they got a statement from someone
identifying the device as a laptop. I’ve emailed the reporter to
ask.

The Hospice of
North Idaho (HONI) has agreed to pay the U.S. Department of Health
and Human Services’ (HHS) $50,000 to
settle potential violations of the Health Insurance Portability and
Accountability Act of 1996 (HIPAA) Security Rule. This
is the first settlement involving a breach of unprotected electronic
protected health information (ePHI) affecting fewer than 500
individuals.

The HHS Office for
Civil Rights (OCR) began its investigation after HONI reported to HHS
that an unencrypted laptop computer
containing the electronic protected health information (ePHI) of 441
patients had been stolen in June 2010. Laptops containing ePHI are
regularly used by the organization as part of their field work. Over
the course of the investigation, OCR discovered that HONI had not
conducted a risk analysis to safeguard ePHI. Further, HONI did not
have in place policies or procedures to address mobile device
security as required by the HIPAA Security Rule. Since the June 2010
theft, HONI has taken extensive additional steps to improve their
HIPAA Privacy and Security compliance program.

“This action
sends a strong message to the health care industry that, regardless
of size, covered entities must take action and will be held
accountable for safeguarding their patients’ health information.”
said OCR Director Leon Rodriguez. “Encryption is
an easy method for making lost information unusable, unreadable and
undecipherable.”

The Health
Information Technology for Economic and Clinical Health (HITECH)
Breach Notification Rule requires covered entities to report an
impermissible use or disclosure of protected health information, or a
“breach,” of 500 individuals or more to the Secretary of HHS and
the media within 60 days after the discovery of the breach. Smaller
breaches affecting less than 500 individuals must be reported to the
Secretary on an annual basis.

A new educational
initiative, Mobile Devices: Know the RISKS. Take the STEPS.
PROTECT and SECURE Health Information, has been launched by
OCR and the HHS Office of the National Coordinator for Health
Information Technology (ONC) that offers health care providers and
organizations practical tips on ways to protect their patients’
health information when using mobile devices such as laptops,
tablets, and smartphones. For more information, visit
www.HealthIT.gov/mobiledevices.

"Not long ago we ran
a story about how a NY newspaper published lists of gun owners.
Now, it seems the same newspaper has hired
armed guards in response to unspecified threats to the editor,
amid 'large volumes of negative response.' From the article: 'The
editor, Caryn McBride, told police the newspaper hired a private
security company whose "employees are armed and will be on
site during business hours," [At
home, after working hours, you might feel safer if you have a gun...
Bob] the report said. The guards are
protecting the newspaper's staff and Rockland County offices in West
Nyack, New York.'"

Which came first, the legal strategy or
the military (political?) strategy?

The President Barack Obama
administration does not have to disclose the legal basis for its
drone targeted killing program of Americans, according to a Wednesday
decision a judge likened to “Alice in Wonderland”.

U.S. District Court Judge Colleen
McMahon of New York, ruling in lawsuits brought by the American Civil
Liberties Union and The New York Times, said she was caught
in a “paradoxical
situation” (.pdf) of allowing the administration to claim it
was legal to kill enemies outside traditional combat zones while
keeping the legal rationale secret.

… The authorities have conceded,
however, that a Justice Department Office of Legal Counsel opinion
addresses the issue, but maintain that it does not have to be made
public. “It is beyond the power of this court to conclude that a
document has been improperly classified,” the judge wrote.

Politico’s Josh Gerstein, who first
reported the opinion, notes that such a statement by the judge is
false, and that in “very rare cases” judges “have
done so.”

In a criminal case sure to make
programmers nervous, a software maker who licenses a program used by
online casinos and bookmakers overseas is being charged with
promoting gambling in New York because authorities say his software
was used by others for illegal betting in that state.

… But Stuart, who has been charged
along with his wife and brother-in-law with one felony count for
promoting gambling in New York through their software firm, says that
his company sells the software only to entities outside the U.S. and
that he’s not aware of anyone using it in the U.S. or using it to
take illegal bets in the U.S. He also says the software doesn’t
place bets, it simply provides online gambling sites with the
infrastructure to select and display which sporting events they want
to offer for betting and also stores the bets.

"Eriq Gardner writes that
Warner Brothers is suing California resident Mark Towle, a specialist
in customizing replicas of automobiles featured in films and TV
shows, for selling
replicas of automobiles from the 1960s ABC series Batman by
arguing that copyright protection extends to the overall look and
feel of the Batmobile. The case hinges on what exactly is a
Batmobile — an automobile or a piece of intellectual property?
Warner attorney J. Andrew Coombs argues in legal papers that the
Batmobile incorporates trademarks with distinctive secondary meaning
and that by selling an unauthorized replica, Towle is likely
to confuse consumers about whether the cars are DC products or not.
Towle's attorney Larry Zerner, argues that automobiles aren't
copyrightable. 'It is black letter law that useful articles, such as
automobiles, do not qualify as "sculptural works" and are
thus not eligible for copyright protection,' writes Zerner adding
that a decision to affirm copyright elements of automotive design
features could be exploited by automobile manufacturers. 'The
implications of a ruling upholding this standard are easy to imagine.
Ford,
Toyota, Ferrari and Honda would start publishing comic books, so
that they could protect what, up until now, was unprotectable.'"

"Do you like to tweet or share
links to interesting news articles? According to a coalition of
Irish newspapers, that
makes you a pirate. The National Newspapers of Ireland has
adopted a new policy. Any website which links to one of the 15 NNI
member newspapers will
have to pay a minimum of 300 Euros, with the license fee going up
if you post more links. Note that this is not a fee to post an
excerpt or some punitive measure for the copying of an entire
article. No, the NNI wants to charge for links alone. It's almost
as if this organization has no idea how the web works. Or maybe they
have found an elaborate way to commit suicide."

"A new patent troll is in town,
this time targeting the users of technology, rather than the
creators. They appear to hold a
process patent for 'scanning a document and then emailing it.'
They are targeting small businesses in a variety of locations and
usually want somewhere between $900 to $1200 per employee for
'infringement' of their patent. As with most patent trolls, they go
by a number of shell companies, but the original company name appears
to be Project Paperless LLC. Joel Spolsky said in a tweet
that 'This is organized crime, plain and
simple...' I tend to agree with him. When will
something be done about this legal mafia?"

Apple most likely sighed a huge sigh of
relief when they found out that Installous, the popular jailbroken
pirating app for iOS, shut down a couple days ago. However, it looks
like there’s another threat to replace Installous. A new hack
allows users to bypass Apple DRM and install pirated apps without the
need to jailbreak.

Zeusmos and
Kuaiyong are two alternatives to Installous, and both have been
gaining significance since the exit of Installous. The former has
been around for a few months now, while the latter has appeared
almost from nowhere over the past couple of weeks. Both of these
services offer simple, one-tap installs of pirated apps and don’t
require that devices be jailbroken.

For my Statistics class. Remember, the
Colts released Peyton Manning because (statistically) he was over the
hill. New Statistical Axiom: Never bet against Peyton Manning.

"Can data-analytics software
win a Super Bowl? That's what the Buffalo Bills are betting on: the
NFL team will create
an analytics department to crunch player data, building on a
model already well established in professional baseball and
basketball. 'We are going to create and establish
a very robust football analytics operation that we layer into our
entire operation moving forward,' Buffalo Bills president Russ
Brandon recently told The Buffalo News. 'That's something that's
very important to me and the future of the franchise.' The increased
use of analytics in other sports, he added, led him to make the
decision: 'We've seen it in the NBA. We've seen it more in baseball.
It's starting to spruce its head a little bit in football, and I
feel we're missing the target if we don't invest in that area of our
operation, and we will.'"

An introduction to Arbitrage (and the
stupidity of the “We gotta do something!” crowd) Go to your
favorite online site, download some free games, burn a few thousand
CDs and buy the dang waterpark!

It would
appear that the folks in Southington, Connecticut are looking to
terminate the enemy with extreme prejudice – the enemy being
violent media of all shapes and sizes. The group hosting the event
by the name of “Violent Video Games Return Program” will be
allowing in all manner of violent media with a promise that they’ll
get a $25 “certificate” for every unit they turn in from the
local Chamber of Commerce. One thing they’ll be sure to have
victory on is a massive pile of old games and movies, that’s for
sure – how empty their pocketbooks will be at the end of this may
be a different story.

… The
event will be held at the local drive-in movie theater on the 12th of
January and will include “a $25 gift voucher intended to be used
for other forms of entertainment, like perhaps, a local water park.”

Last year a group of UK teachers
started working on a
Creative Commons licensed teaching manual for the Raspberry Pi.
That work has produced the Raspberry Pi Education Manual
which is available at the Pi Store or here
as a PDF. From Raspberry Pi: "The manual is released under
a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 unported
licence, which is a complicated way of saying that it’s
free for you to download, copy, adapt and use – you just can’t
sell it. You’ll find chapters here on Scratch, Python,
interfacing, and the command line. There’s a group at Oracle which
is currently working with us on a faster Java virtual machine (JVM)
for the Pi, and once that work’s done, chapters on Greenfoot and
Geogebra will also be made available – we hope that’ll be very
soon."

Whether you’re a free Flickr user or
a pro account holder, you are entitled to receive a gift from Flickr
– the gift of a pro account for three months! But, hurry as the
promotion ends on January 4th.

All you need to do to activate your
free gift from Flickr is to log in to your Flickr account via a
mobile application or the desktop. Mobile users will automatically
receive the gift with no action required. If you use the desktop, a
banner will show you the offer of three months for free and all you
need to do is accept the deal. It really couldn’t be easier!

A growing number of colleges are
providing graduating students tools
to improve their online image. The services arrange for positive
results on search engine inquiries by pushing your party pictures,
and other snapshots of your lapsed judgement off the first page.
Syracuse, Rochester and Johns Hopkins are among the schools that are
offering such services free of charge. From the article: "Samantha
Grossman wasn't always thrilled with the impression that emerged when
people Googled her name. 'It wasn't anything too horrible,' she
said. 'I just have a common name. There would be pictures, college
partying pictures, that weren't of me, things I wouldn't want
associated with me.' So before she graduated from Syracuse
University last spring, the school provided her with a tool that
allowed her to put her best Web foot forward. Now when people Google
her, they go straight to a positive image — professional photo, cum
laude degree and credentials — that she credits with helping her
land a digital advertising job in New York."

… Many people often think that the
“Internet stuff” is just for technology careers and young people,
but it’s not. There are many cases where having a solid online
presence has proven beneficial to people of all ages and industries.

Wednesday, January 02, 2013

Over the past year, I’ve had the
opportunity to talk to a number of people in different organizations
who are concerned with insider breaches in the health care sector.
One of those people is Kurt Long, CEO and Founder of FairWarning,
a firm that provides patient privacy monitoring (privacy breach
detection) systems.

So, here’s a little pop quiz to start
this post:

What percent of insider breaches
are reduced by employee training on HIPAA and review of access
policies?

What percent of insider breaches
can be reduced by installing monitoring software?

What percent of insider breaches
can be reduced if you actually enforce policies and discipline
employees?

That’s good advertising for them, and
I’m sure readers will point out that their statistics, based on a
non-random sample, may be somewhat self-serving. But their findings
should also be food for thought for your practice or organization.

This past year, I blogged a lot about
insider breaches in the healthcare sector. While strengthening
firewalls against external threats is critical, as is training
employees not to fall for phishing schemes and not to leave PII on
unencrypted devices in unattended vehicles, some of the standard
security precautions – like encrypting PHI – really do nothing to
reduce breaches by those who are authorized to access patient data.
FairWarning’s data suggest that a strong employee training program
combined with monitoring access and making a point of enforcing
discipline so that everyone gets the message might reduce the vast
majority of insider privacy breaches.

But while creating a culture in which
employees understand that they might or will lose their jobs for
inappropriate access is important, I think it’s also crucial that
those in the health care sector see more examples of employees being
criminally prosecuted for snooping or other inappropriate access.
California has been in the forefront of pursuing cases of snooping,
while the federal government has been in the forefront of prosecuting
cases involving patient data used for Medicare fraud and tax refund
fraud. Unfortunately, many prosecutions for fraud do not name the
hospital or health care provider whose employee(s) engaged in illegal
conduct. Perhaps if they did, organizations of all sizes would be
more concerned about potential reputation harm and would take more
aggressive steps to prevent insider breaches. Even if an entity is
not named, however, such breaches can incur significant breach costs
and affect patients’ confidence or trust in the entity to protect
their sensitive information.

So what will your organization be doing
in 2013 to reduce insider breaches? And if your organization has
implemented some effective strategies to reduce insider breaches,
what are those strategies?

Evan Brown provides a recap of the
ruling in MacDermid,
Inc. v. Deiter. The relevant background of the case is that
an employee of a U.S. firm who lived and worked in Canada allegedly
accessed her firm’s server in Connecticut from her Canadian
location and forwarded confidential corporate information from her
work e-mail account to her personal account. The transfer allegedly
occurred after she learned she was to be terminated from her
position.

MacDermid sued the employee in federal
court in Connecticut, alleging unauthorized access and misuse of a
computer system and misappropriation of trade secrets in violation of
Conn. Gen. Stat. §§ 53a-251 and 35-51 et seq. The
employee moved to dismiss based on lack of personal jurisdiction as
she resided and worked in Canada. The District Court agreed with the
defendant. MacDermid then appealed the dismissal.

On appeal, the Second Circuit reversed
and remanded. The court held that Connecticut’s long-arm statute
did apply because the server was located in Connecticut. And
although there would be some burden for the defendant to travel to
Connecticut to defend the suit, that factor did not make jurisdiction
in Connecticut unreasonable:

Further,
efficiency and social policies against computer-based theft are
generally best served by adjudication in the state from which
computer files have been misappropriated. Accordingly, we conclude
that jurisdiction is reasonable in this case.

Sarah Kendzior has a thoughtful
piece on a topic I’ve mentioned before: does a mother’s right
to tell her story or blog about her life trump the privacy rights of
her child? The issue recently came to the forefront again after
Sarah responded
critically to a blog post called “I
Am Adam Lanza’s Mother” that had gone viral. I had winced as
I had read Liza Long’s post and wondered how her son might feel
years from now if he sees what she wrote about him, but I had
understood what she was trying to do. I had also winced at Sarah’s
response, because I had the feeling that she had never walked a mile
in the shoes of a mother of a child with special needs.

Sarah writes:

On December 19,
the Federal Trade Commission passed
a law increasing privacy safeguards on children’s mobile apps
and websites. Under the new law, websites and apps will have to get
parental permission to collect photos, videos and other information
that children post online.

“Parents, not
social networks or marketers, will remain the gatekeepers when it
comes to their children’s privacy,” explained
Jim Steyer, head of the child media advocacy group Common Sense
Media.

This is all well
and good, but a question remains: Who will protect
children from their parents?

It’s an important question in a world
where the Internet never forgets. And the risks for children who
have mental health challenges may be even greater. Sarah writes:

To reveal the
personal struggles of a mentally ill minor online – in particular,
to paint him as unstable and violent – is a form of child abuse.
Not only does it violate the bond between a child and the person who
is supposed to protect him, it can lead to the child being mocked,
attacked and shunned by his own community when he is already
vulnerable.

Moreover, the
damage is permanent. Even if a mentally ill child gets the help he
needs, even if he changes his behaviour, the words of his mother will
follow him. When he applies to college, when he looks for a job, he
will not be able to escape the nightmarish portrayal painted by his
mother, the person who knew him best, the person who sold him out.

Her statement is somewhat harsh, but it
is worth considering. Parents of special needs children often lack
adequate supports offline. Writing about their day or the challenges
they and their children face is an outlet that can bring them
emotional support – and helpful treatment ideas – that they may
not have available otherwise. Even a “vent” blog serves a
function if it helps the mother express frustration that might
otherwise be expressed by physically punishing her child. And many
parents of special needs children write with the fervent hope that
somehow – if they can just write well enough – others will
understand their child and perhaps be more accepting of children who
are not like their peers. And maybe, just maybe, other mothers will
not look at them with disdain or as failures because their child does
not behave like other children.

As a mental health professional and
author, and as a mother who raised two special needs children, I
understand both sides of the arguments about non-commercial mommy
bloggers. Sharing real stories can increase public awareness and
empathy and provide a forum for support. But my children are now old
enough to think and give consent or deny consent if I wanted to share
their stories online. For most mommy bloggers, the children are too
young to grasp or have input into what their mothers decide to share
about them and how it might harm them in the future.

So where is the balance? Ideally, I’d
say blog anonymously and don’t use real names or location
information. Realistically, though, I know that even with
pseudonyms, some children’s stories are so unique that they could
still be identified and named, leaving a digital trail that might
harm their chances in the future.

Maybe part of the solution is for mommy
bloggers to ask themselves a few simple questions before they write
anything about their children:

1. What am I trying to accomplish here?
2. Is there any future risk to my child by sharing this information about him or her?
3. Is there any other way to accomplish my goal without disclosing private information about my child?

Of course, the above doesn’t really
apply to mommy bloggers who are blogging for commercial gain. To
those bloggers, I’d just ask, “What price do you put on your
child’s privacy and future or on your future relationship with
them? If someone comes along and archives everything you write about
your child and you cannot not get it removed from the Internet, would
it still be worth it?”

It may be easier to find “Bob” in
Centennial, Colorado than “Subject 427J” but if that is the only
thing that changes in my medical dossier, I suspect anyone could find
me. I'm betting we need a neutral third party to do the analysis and
pass only summary data to the researchers.

The story of how Massachusetts Governor
William Weld’s de-identified medical records were quickly
re-identified in 1997 by then-graduate student Latanya Sweeney is now
legendary in discussions of the risks of sharing “anonymized” or
“de-identified” health records that might foster research. In an
article on Scientific American, Erica Klarreich describes a
mathematical technique called “differential privacy” that could
give researchers access to vast repositories of personal data while
meeting a high standard for privacy protection:

A differentially
private data release algorithm allows researchers to ask practically
any question about a database of sensitive information and provides
answers that have been “blurred” so that they reveal virtually
nothing about any individual’s data — not even whether the
individual was in the database in the first place.

“The idea is
that if you allow your data to be used, you incur no additional
risk,” said Cynthia Dwork of Microsoft Research Silicon Valley.
Dwork introduced the concept of differential privacy in 2005, along
with McSherry, Kobbi Nissim of Israel’s Ben-Gurion University and
Adam Smith of Pennsylvania State University.

Differential
privacy preserves “plausible deniability,”
as Avrim Blum of Carnegie Mellon University likes to put it. “If I
want to pretend that my private information is
different from what it really is, I can,” he said. “The
output of a differentially private mechanism is going to be almost
exactly the same whether it includes the real me or the pretend me,
so I can plausibly deny anything I want.”

Read more on Scientific
American for a description of how this works and programs that
are being developed to help researchers implement this approach.
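As an added illustration of the "blurring" described above (example code written for this post, not code from the Scientific American article or from Dwork's group), here is a Laplace-mechanism count query over a small constructed table, together with a check that the likelihood of any given noisy answer changes by at most a factor of e^ε whether or not "Bob" is in the table. That bounded ratio is the plausible deniability Blum describes: no output can be much better explained by the real Bob than by a Bob who was never there.

```python
import math
import random

# Constructed sample "medical dossier" table (not real data): (name, zip, diagnosis).
RECORDS = [
    ("Alice", "80112", "flu"),
    ("Bob", "80112", "diabetes"),
    ("Carol", "80015", "flu"),
    ("Dan", "80122", "asthma"),
]

def count_query(records, diagnosis):
    """Exact, non-private count of records carrying the given diagnosis."""
    return sum(1 for _, _, d in records if d == diagnosis)

def laplace_pdf(x, mu, scale):
    """Density of a Laplace(mu, scale) variable at x."""
    return math.exp(-abs(x - mu) / scale) / (2 * scale)

def noisy_count(records, diagnosis, epsilon, seed):
    """Laplace mechanism: the true count plus Laplace(0, 1/epsilon) noise.
    Adding or removing one person changes a count by at most 1, so the
    query's sensitivity is 1 and the noise scale is 1/epsilon."""
    rng = random.Random(seed)  # seeded only so the example is reproducible
    u = rng.random() - 0.5     # inverse-CDF sampling of a Laplace variable
    noise = -(1.0 / epsilon) * math.copysign(1.0, u) * math.log(1 - 2 * abs(u))
    return count_query(records, diagnosis) + noise

def privacy_bound(epsilon):
    """Differential privacy promises that the output distributions for two
    databases differing in one person are within a factor exp(epsilon) everywhere."""
    return math.exp(epsilon)

def worst_case_likelihood_ratio(count_with, count_without, epsilon, outputs):
    """Largest ratio, over the candidate outputs, between the likelihood of seeing
    that output when the individual is in the database and when they are not."""
    scale = 1.0 / epsilon
    return max(
        laplace_pdf(o, count_with, scale) / laplace_pdf(o, count_without, scale)
        for o in outputs
    )

if __name__ == "__main__":
    without_bob = [r for r in RECORDS if r[0] != "Bob"]  # neighbouring database
    outputs = [i * 0.25 for i in range(-40, 41)]         # candidate noisy answers
    ratio = worst_case_likelihood_ratio(count_query(RECORDS, "diabetes"), count_query(without_bob, "diabetes"), 0.5, outputs)
    print("noisy diabetes count with Bob:   ", round(noisy_count(RECORDS, "diabetes", 0.5, 1), 2))
    print("noisy diabetes count without Bob:", round(noisy_count(without_bob, "diabetes", 0.5, 1), 2))
    print("worst-case likelihood ratio:", round(ratio, 4), "<= e^eps =", round(privacy_bound(0.5), 4))
```

Smaller ε means more noise and a tighter bound; the check in the block shows the ratio reaching exactly e^ε, never above it, for a one-person difference.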

I’ve posted a few look-backs at
privacy in 2012, including my
own review of the year in U.S. privacy. From across the pond,
James Baker, Lib Dem Councillor for Warley ward in Calderdale and
No2ID campaigner, provides his own look back at privacy issues in the
U.K. in 2012. It’s somewhat comforting to know that our advocacy
counterparts overseas are struggling with some of the same privacy
issues we are.

I don’t subscribe to Showtime, so I
missed the first episodes of director Oliver Stone and historian
Peter Kuznick’s series, “The Untold History of the United
States,” but it looks like you can view
some of the full episodes online, free.

Reader and link contributor
extraordinaire Joe Cadillic sends in this link to an interview
of Stone and Kuznick about the series and how President Obama has
been a sheep in wolf’s clothing when it comes to entrenching us
more deeply in a surveillance state.

… The DPC’s annual
study evaluates a total of 164 countries, and found this year
that 123 of them have a head of state that is on Twitter, either with
a personal handle or an official government one. That’s up
significantly from 2011, when 69 out of the 164 countries had a
Twitter presence.

… In terms of followers, the study
found that US President Barack Obama is by far the most watched world
leader on Twitter, with 25
million followers. Coming in at number two? Hugo Chavez of
Venezuela, with 3.5
million followers.

Something for the Ethical Hacker
toolkit? (Because you don't have to be in Pakistan to use it...)

"This timeline
presents significant events and developments in the innovation and
management of information and documents from cave paintings (ca
30,000 BC) to the present. To keep recent electronic developments
from dominating the listing, only the most significant digital
innovations are included."

Can we please get him to suck in that
annoying gecko? (Quick: Name an American physicist who would be
immediately recognized in a similar role?)

About Me

I live in Centennial, Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.